66 matches found
MDaemon Mail Server 安全漏洞
MDaemon Mail Server is an e-mail server software from MDaemon Inc. in the United States. A security vulnerability exists in MDaemon Mail Server version 23.5.2, which originates from a flaw in the use of email validation SPF, DKIM, and DMARC using the pointed brackets in the From header of the SMT...
PT-2025-45159
Name of the Vulnerable Software and Affected Versions SelfBest platform version 2023.3 Description A DOM-based Cross-Site Scripting XSS issue exists in the SelfBest platform. This allows attackers to execute arbitrary JavaScript within a logged-in user's session. The attack vector involves...
GHSA-F5VH-4RJ2-W8R8 Liferay Portal is vulnerable to DNS rebinding attacks
By default, Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions is vulnerable to DNS rebinding attacks, which allow...
Liferay Portal is vulnerable to DNS rebinding attacks
By default, Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions is vulnerable to DNS rebinding attacks, which allow...
CVE-2025-62266
By default, Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions is vulnerable to DNS rebinding attacks, which allow...
CVE-2025-62266
CVE-2025-62266 affects Liferay Portal versions 7.4.0–7.4.3.119 and older unsupported builds, and Liferay DXP across multiple 2023–2024 releases, with DNS rebinding allowing redirection to arbitrary external URLs. Mitigation advised: change redirect URL security from IP to domain. Connected docs c...
CVE-2025-62266
By default, Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions is vulnerable to DNS rebinding attacks, which allow...
CVE-2025-34252
...
EUVD-2020-6367
Malware in sbrugna...
Microsoft 365 Direct Send Abuse
The Rapid7 MDR team has observed a significant rise in the number of threat actors leveraging a lesser-known feature within Microsoft 365 called Direct Send. Rapid7 encourages organizations to immediately review their authenticated mail flow configurations, specifically related to Microsoft 365...
PT-2025-39053
Name of the Vulnerable Software and Affected Versions PenciDesign Penci Filter Everything affected versions not specified Description The software contains a flaw related to improper handling of user-supplied data when creating web pages, leading to a potential Cross-site Scripting XSS issue...
PT-2025-39054
Name of the Vulnerable Software and Affected Versions PenciDesign Penci Podcast versions through 1.6 Description A flaw exists in PenciDesign Penci Podcast that allows for DOM-Based Cross-site Scripting XSS. This issue is due to improper neutralization of input during web page generation. The...
CVE-2025-22249
VMware Aria automation contains a DOM based Cross-Site Scripting XSS vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL...
CVE-2025-30963
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetSmartFilters jet-smart-filters allows DOM-Based XSS.This issue affects JetSmartFilters: from n/a through = 3.6.3...
The vulnerability of the DDNS Record component of the operating system for managing Synology Router Manager network devices allows attackers to perform domain-based attacks.
The vulnerability of the DDNS Record component of the operating system used to manage Synology Router Manager devices is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a remote attacker to perform domain-level attacks...
BIT-DISCOURSE-2024-45051 Bypass of email address validation via encoded email addresses in Discourse
Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed versio...
CVE-2024-45051
Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed versio...
CVE-2024-45051 Bypass of email address validation via encoded email addresses in Discourse
Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed versio...
CVE-2024-45051 Bypass of email address validation via encoded email addresses in Discourse
Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed versio...
CVE-2024-45051 Bypass of email address validation via encoded email addresses in Discourse
Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed versio...